WO2020197096A1 - System and method for managing use of a cloud-based application - Google Patents
- Publication number: WO2020197096A1 (application PCT/KR2020/002439)
- Authority: WO, WIPO (PCT)
- Prior art keywords: management server, application, security policy, cloud, user
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  - G06F21/60—Protecting data
    - G06F21/604—Tools and structures for managing or administering access control systems
Definitions
- Embodiments of the present invention relate to a system and method for managing the use of cloud-based applications.
- Cloud computing technology is attracting attention for its high-capacity, high-speed processing and its near-unlimited use of IT resources beyond the limits of personal computers.
- Cloud computing technology is expected to be used in various fields because of advantages such as high efficiency, low cost, management expertise, and the convenience of centralized IT services.
- Patent Document: Republic of Korea Patent Publication No. 10-2018-0118874 (2018.11.01)
- The cloud-based application usage management system is for obtaining visibility into the use of cloud-based applications and controlling them according to a security policy.
- The cloud-based application usage management system includes one or more user terminals that request the use of one or more applications from a management server, provide that use to a user, collect logs related to the use of the applications, and transmit the logs to the management server; and a management server that receives a security policy for the one or more applications from an administrator, determines whether the use request conforms to the security policy, provides use of the application to the one or more user terminals when the use request conforms to the security policy, and analyzes the logs to provide usage information for the one or more applications to the administrator.
- The management server provides a security policy violation message to the one or more user terminals when, as a result of the determination, the use request does not conform to the security policy, and the one or more user terminals may output the provided security policy violation message to the user.
- The management server may receive a security policy for each of the one or more user terminals from the administrator, or may group the one or more user terminals into one or more groups and receive a security policy for each of the groups.
- The management server may receive a security policy for each of the one or more applications from the administrator, or may group the one or more applications into one or more groups and receive a security policy for each of the groups.
- The management server may analyze the log and, when the use of the application includes abnormal use including hacking, stop the use of the application provided to the one or more user terminals and output a hacking risk message to the administrator.
- The cloud-based application usage management method performed by the cloud-based application usage management system includes: receiving, at a management server, a security policy for one or more applications from an administrator; requesting, at one or more user terminals, the use of the one or more applications from the management server; collecting, at the one or more user terminals, logs related to the use of the application and transmitting the logs to the management server; determining, at the management server, whether the use request conforms to the security policy; providing, at the management server, the use of the application to the one or more user terminals when, as a result of the determination, the use request conforms to the security policy; providing, at the one or more user terminals, use of the application to a user; and analyzing the logs at the management server and providing usage information on the one or more applications to the administrator.
- According to the cloud-based application usage management system, security problems arising from cloud technology can be addressed by obtaining visibility into, and controlling, the use of cloud-based applications.
- FIG. 1 is a block diagram illustrating a system for managing use of a cloud-based application according to an embodiment of the present invention.
- FIG. 2 is a view for explaining a method of providing the use of an application to a user in the use management system of a cloud-based application according to an embodiment of the present invention.
- FIG. 3 is a view for explaining a method of outputting a security policy violation message to a user in a use management system for a cloud-based application according to an embodiment of the present invention.
- FIG. 4 is a view for explaining a method of outputting a hacking risk message to an administrator in a use management system for a cloud-based application according to an embodiment of the present invention.
- FIG. 5 is a flowchart of a method for managing use of a cloud-based application performed by the use management system for a cloud-based application according to an embodiment of the present invention.
- FIG. 1 is a block diagram illustrating a system 100 for managing use of a cloud-based application according to an embodiment of the present invention.
- The cloud-based application usage management system 100 is a system that receives a security policy from the administrator 110 and provides the use of a cloud-based application to the user 102 according to the input security policy. It includes one or more user terminals 104 and a management server 108.
- The user terminal 104 may include various types of devices having a data communication function and an information processing function through a network, such as, for example, a tablet PC, a smart phone, or a personal digital assistant (PDA).
- The user 102 may be a person who wants to use a cloud-based application.
- The administrator 110 may be a person who manages the use of the cloud-based application.
- Each of the user terminals 104 and the management server 108 may be connected via a network 106, and the network 106 may be, for example, the Internet, one or more local area networks, wide area networks, cellular networks, mobile networks, or other wired or wireless networks such as low-power wide-area networks (LPWANs).
- One or more user terminals 104 request the use of one or more applications from the management server 108 and provide that use to the user 102.
- The management server 108 may manage one or more cloud-based applications, and the user terminal 104 may request the management server 108 to provide use of an application at the request of the user 102. In addition, the user terminal 104 may provide the application to the user 102 when the use of the application is provided from the management server 108.
- One or more user terminals 104 collect logs related to the use of one or more applications and transmit them to the management server 108.
- The user terminal 104 may collect the requests for use of an application made by the user 102 and the logs generated as the user 102 uses the application.
- The user terminal 104 may transmit logs to the management server 108 at every preset period, or may transmit logs to the management server 108 whenever a new log is collected.
- The management server 108 receives a security policy for one or more applications from the administrator 110.
- The security policy may be a policy for restricting the use of an application for security reasons, such as restricting a function of an application or access to an application.
- The management server 108 may receive different security policies for each of the one or more applications it manages.
- The management server 108 may receive a security policy for each of the one or more applications from the administrator 110.
- The management server 108 may group the one or more applications into one or more groups and receive a security policy for each group from the administrator 110.
- The management server 108 may receive different security policies for each of the user terminals 104.
- The management server 108 may receive a security policy for each user terminal 104 from the administrator 110.
- The management server 108 may group the one or more user terminals 104 into one or more groups and receive a security policy for each group from the administrator 110.
- The management server 108 determines whether the application use request from the user terminal 104 conforms to the security policy input by the administrator 110 and, if the request conforms to the security policy, provides the use of the application to the one or more user terminals 104. If it is determined that the application use request of the user terminal 104 does not conform to the security policy, the management server 108 provides a security policy violation message to the user terminal 104. In this case, the user terminal 104 may output the security policy violation message provided from the management server 108 to the user 102.
- When the management server 108 receives a first request for use of the first application, it may determine whether the request meets the security policy for that application.
- One or more user terminals 104 may request the management server 108 to execute a function related to the use of the first application (e.g., a photo taking function using the first application), and the management server 108 may determine whether these requests comply with the security policy.
- When the use of one or more applications is requested from a specific user terminal (e.g., the first user terminal 104-1), the management server 108 may determine whether the application use of the first user terminal 104-1 conforms to the security policy.
- The management server 108 analyzes the log received from the user terminal 104 and provides usage information for one or more applications to the administrator 110.
- The usage information for one or more applications may include, for example, information on the applications being used by each user terminal, traffic information by date and time for each application, traffic information by user terminal for each application, information on the user terminals using each application, and information on the application usage time of each user terminal.
- The management server 108 analyzes the log received from the user terminal 104 and, when the application use of the user terminal 104 includes abnormal use, including hacking, may stop the use of the application that was provided to the one or more user terminals 104 and output a hacking risk message to the administrator 110.
- The management server 108 may use, for example, a security analysis framework such as an open SOC framework to determine whether the application use of the user terminal 104 includes abnormal behavior such as hacking.
- The management server 108 may output to the administrator 110 a hacking risk message that includes information on the user terminal 104 and on the application being used by the user terminal 104.
- When a specific user terminal (for example, the second user terminal 104-2) continuously uses an application in a way that includes abnormal behavior, the management server 108 may output to the administrator 110 a hacking risk message including information on that user terminal (for example, the second user terminal 104-2) and information on the number of times its application use included abnormal behavior.
- FIG. 2 is a view for explaining a method of providing the use of an application to a user 102 in the cloud-based application use management system 100 according to an embodiment of the present invention.
- The management server 108 may receive a security policy for an application from the administrator 110 (202) and apply the input security policy to the application (204).
- The user terminal 104 may receive a request for use of the application from the user 102 (206) and may request the use of the application from the management server 108 (208). In addition, the user terminal 104 may collect logs related to the use of the application (210) and provide the collected logs to the management server 108 (212).
- The management server 108 determines whether the application use request from the user terminal 104 conforms to the security policy (214) and, when the request conforms to the security policy, may provide the use of the application to the user terminal 104 (216). Accordingly, the user terminal 104 may provide the use of the application to the user 102 (218).
- The management server 108 may analyze the log provided from the user terminal 104 (220) and provide information related to application use to the administrator 110 (222).
- FIG. 3 is a view for explaining a method of outputting a security policy violation message to a user 102 in the cloud-based application usage management system 100 according to an embodiment of the present invention.
- The management server 108 may provide a security policy violation message to the user terminal 104 (316).
- The user terminal 104 may output the security policy violation message to the user 102 (318).
- FIG. 4 is a view for explaining a method of outputting a hacking risk message to the administrator 110 in the cloud-based application usage management system 100 according to an embodiment of the present invention.
- FIG. 4 shows the process after it is determined that the application use request of the user terminal 104 conforms to the security policy.
- The user terminal 104 may receive application use from the management server 108 and provide it to the user 102 (402, 404). In addition, the user terminal 104 may collect logs related to the application usage of the user 102 and provide them to the management server 108 (406, 408).
- The management server 108 may analyze the log provided from the user terminal 104 (410). If the log analysis shows that the application use of the user terminal 104 includes abnormal use such as, for example, hacking, the management server 108 may stop providing the application use (412) and output a hacking risk message to the administrator 110 (414).
- FIG. 5 is a flowchart of a method for managing use of a cloud-based application performed by the system 100 for managing use of a cloud-based application according to an embodiment of the present invention.
- The management server 108 receives a security policy for one or more applications from the administrator 110 (502). At this time, the management server 108 may receive a security policy for each of the one or more user terminals 104 from the administrator 110, or may group the one or more user terminals 104 into one or more groups and receive a security policy for each group. In addition, the management server 108 may receive a security policy for each of the one or more applications from the administrator 110, or may group the one or more applications into one or more groups and receive a security policy for each group.
- One or more user terminals 104 request the use of one or more applications from the management server 108 (504).
- At least one user terminal 104 collects logs related to the use of the application and transmits them to the management server 108 (506).
- The management server 108 determines whether the application use request from the user terminal 104 conforms to the security policy (508).
- The management server 108 provides the use of the application to the one or more user terminals 104 when the application use request from the user terminal 104 satisfies the security policy (510). If, as a result of the determination, the application use request of the user terminal 104 does not conform to the security policy, the management server 108 may provide a security policy violation message to the one or more user terminals 104.
- One or more user terminals 104 provide the use of an application to the user 102 (512). When a security policy violation message is provided from the management server 108, the one or more user terminals 104 output the security policy violation message to the user 102.
- The management server 108 analyzes the log provided from the user terminal 104 and provides usage information for one or more applications to the administrator 110 (514). At this time, when the analysis shows that the application use of the user terminal 104 includes abnormal use including hacking, the management server 108 may stop the use of the application that was provided to the one or more user terminals 104 and output a hacking risk message to the administrator 110.
- Although the method is described as divided into a plurality of steps, at least some of the steps may be performed in a different order, combined with other steps, performed together, omitted, or divided into sub-steps, or one or more steps not shown may be added and performed.
- It is believed that the invention can be applied to various industrial technology fields, such as ICT security services and intelligent HR services, with advantages such as high efficiency, low cost, management expertise, and convenience due to the concentration of IT services related to cloud computing technology.
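The FIG. 5 flow can be sketched as a small policy decision point. This is an added example, not code from the patent or its applicant: the class and method names, the "most specific policy wins" precedence, the deny-when-no-policy default, and the `abnormal` flag on log entries (standing in for the verdict of the security analysis framework) are all assumptions.

```python
from collections import Counter

class ManagementServer:
    """Sketch of management server 108, following the FIG. 5 step numbers."""

    def __init__(self):
        self.terminal_group = {}    # terminal id -> terminal group name
        self.app_group = {}         # application -> application group name
        self.policies = {}          # (terminal or group, app or group) -> allowed functions
        self.stopped = set()        # (terminal, app) pairs whose use was stopped
        self.abnormal_count = Counter()
        self.admin_messages = []    # hacking risk messages for administrator 110

    def set_policy(self, subject, target, allowed_functions):
        """Step 502: policy per terminal or terminal group, per app or app group."""
        self.policies[(subject, target)] = frozenset(allowed_functions)

    def _resolve(self, terminal, app):
        tg, ag = self.terminal_group.get(terminal), self.app_group.get(app)
        # Assumed precedence: the most specific policy wins.
        for key in ((terminal, app), (terminal, ag), (tg, app), (tg, ag)):
            if None not in key and key in self.policies:
                return self.policies[key]
        return None

    def request_use(self, terminal, app, function):
        """Steps 504-510: returns (granted, message_for_user)."""
        if (terminal, app) in self.stopped:
            return False, f"use of {app} has been stopped"
        allowed = self._resolve(terminal, app)
        if allowed is None or function not in allowed:  # no policy => deny (assumption)
            return False, f"security policy violation: {app}/{function}"
        return True, None

    def analyze_logs(self, entries):
        """Step 514: usage counts for the administrator, plus stop-on-abnormal."""
        usage = Counter()
        for e in entries:
            pair = (e["terminal"], e["app"])
            usage[pair] += 1
            if e.get("abnormal"):  # flag assumed to come from the analysis framework
                self.abnormal_count[pair] += 1
                self.stopped.add(pair)
                self.admin_messages.append(
                    f"hacking risk: terminal={pair[0]} app={pair[1]} "
                    f"abnormal_uses={self.abnormal_count[pair]}")
        return usage

def demo():
    srv = ManagementServer()
    srv.terminal_group.update({"104-1": "field", "104-2": "field"})
    srv.app_group["camera-app"] = "media"
    srv.set_policy("field", "media", {"view"})                # group-level policy
    srv.set_policy("104-1", "camera-app", {"view", "photo"})  # terminal-specific policy
    results = {
        "t1_photo": srv.request_use("104-1", "camera-app", "photo"),
        "t2_photo": srv.request_use("104-2", "camera-app", "photo"),
        "t2_view": srv.request_use("104-2", "camera-app", "view"),
    }
    logs = [  # constructed sample log entries
        {"terminal": "104-1", "app": "camera-app", "abnormal": False},
        {"terminal": "104-2", "app": "camera-app", "abnormal": True},
        {"terminal": "104-2", "app": "camera-app", "abnormal": True},
    ]
    results["usage"] = srv.analyze_logs(logs)
    results["t2_view_after"] = srv.request_use("104-2", "camera-app", "view")
    results["admin_messages"] = list(srv.admin_messages)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the terminal is the component that collects and sends the logs, a deployment of this design would also want the server to record its own grant and deny decisions rather than rely only on terminal-supplied entries.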
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a system and method for managing the use of a cloud-based application. A system for managing the use of a cloud-based application according to embodiments of the present invention comprises: at least one user terminal that requests the use of at least one application from a management server, provides it to a user, and collects a log relating to the use of an application in order to transmit the log to the management server; and the management server, which receives input of a security policy for said application from an administrator, determines whether or not a use request satisfies the security policy, provides the use of an application to said user terminal when, as a result of the determination, the use request satisfies the security policy, and analyzes the log to provide usage information for said application to the administrator.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2019-0035628 | 2019-03-28 | ||
KR1020190035628A KR102212806B1 (ko) | 2019-03-28 | 2019-03-28 | Method for managing use of cloud-based application |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020197096A1 (fr) | 2020-10-01 |
Family
ID=72608634
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/KR2020/002439 WO2020197096A1 (fr) | 2019-03-28 | 2020-02-20 | System and method for managing use of a cloud-based application |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR102212806B1 (fr) |
WO (1) | WO2020197096A1 (fr) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
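KR20090044202A (ko) * | 2007-10-31 | 2009-05-07 | 주식회사 이븐스타 | Web security service method and system using detection of bypass intrusion into web pages and detection of parameter tampering intrusion |
KR101403626B1 (ko) * | 2013-08-14 | 2014-06-03 | (주) 뉴코 | Integrated security management method for smart terminals in a cloud computing environment |
KR20150052010A (ko) * | 2012-08-31 | 2015-05-13 | 휴렛-팩커드 디벨롭먼트 컴퍼니, 엘.피. | Network system for implementing a cloud platform |
KR20170036392A (ko) * | 2015-09-24 | 2017-04-03 | 삼성전자주식회사 | Apparatus and method for protecting information in a communication system |
JP2018518762A (ja) * | 2015-05-28 | 2018-07-12 | オラクル・インターナショナル・コーポレイション | Automatic anomaly detection and resolution system |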
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101949196B1 (ko) | 2017-04-24 | 2019-02-19 | (주)유엠로직스 | Private security control broker system and security control method thereof |
- 2019-03-28: KR KR1020190035628A, patent KR102212806B1 (ko), active, IP Right Grant
- 2020-02-20: WO PCT/KR2020/002439, patent WO2020197096A1 (fr), active, Application Filing
Also Published As
Publication number | Publication date |
---|---|
KR20200114237A (ko) | 2020-10-07 |
KR102212806B1 (ko) | 2021-02-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 20779493; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 20779493; Country of ref document: EP; Kind code of ref document: A1 |